Andrew, Merlin,
> My approach was to remove all significant permissions (including on the
> catalog) from public and regrant them to a pseudopublic group,
> comprising designated users. The designated users would notice no
> difference at all, while everyone else would be able to see only what
> was explicitly granted to them. But there would be lots of testing and
> thinking to be done before releasing it into the wild :-)
<plug>Doesn't it seem like a really complete set of system views (based on
information_schema or otherwise) would potentially allow securing the
pg_catalog?</plug>
--
Josh Berkus
Aglio Database Solutions
San Francisco